Maryland: The U.S. Food and Drug Administration (FDA) has announced another new recall for Johnson & Johnson MedTech’s Automated Impella Controller (AIC) due to a significant cybersecurity risk.
“If the identified cybersecurity vulnerabilities are exploited, it may affect the essential performance of the AIC,” according to the FDA’s advisory.
At this time, no cyberattacks have been tied to this specific issue. This is the fourth time in three months the FDA has shared serious safety concerns related to these devices, which serve as the primary user control interface for Impella catheters.
This latest issue impacts more than 100,000 devices. Unlike many recalls, nothing needs to be returned to the manufacturer or removed from the market. Instead, customers are urged to keep AICs in a secure environment. Johnson & Johnson MedTech representatives will be reaching out to all customers to help them disable the device from the network and minimize any potential security risks.
This is a Class I recall, meaning the devices could result in serious patient injuries or even death if used without following the FDA’s instructions.
“More information will be provided when further mitigations are available to be deployed to resume network enablement,” according to the advisory.
Additional context from Johnson & Johnson MedTech
Johnson & Johnson MedTech shared a statement with Cardiovascular Business about this recall, noting that the cybersecurity vulnerabilities were identified during an internal assessment.
“Patient safety remains our priority, and all impacted customers have been notified,” Johnson & Johnson MedTech told Cardiovascular Business. “While we take steps to mitigate risks, AICs can continue to be used as intended. AICs have been in clinical use for over 15 years with no reported cybersecurity incidents to date.”
